Is System V IPC namespace still shared across jails?
Mark Martinec
Mark.Martinec+freebsd at ijs.si
Mon Dec 12 19:25:06 UTC 2016
Regarding installation of PostgreSQL in a FreeBSD jail, the web holds
plenty of warnings/advice that each postgres instance should have a
unique UID, otherwise they stumble across each other's feet:
| allow.sysvipc
| A process within the jail has access to System V IPC primitives. In the
| current jail implementation, System V primitives share a single namespace
| across the host and jail environments, meaning that processes within a jail
| would be able to communicate with (and potentially interfere with) processes
| outside of the jail, and in other jails.
Is this still the case in FreeBSD 11.0 ???
I remember hearing rumors that the System V namespace
no longer is (will?) be shared across jails.
(Couldn't find it being mentioned in release notes.)
Mark